Senior Member from US

joined:Apr 9, 2011
posts:13266
votes: 363

your entire /images/ folder - no content specified

Do you mean that they're requesting /images/ like that? They're hoping to find an index file-- probably auto-generated-- that will helpfully provide a list of all images in one handy location. Do not oblige them. (This is generic advice for all image directories everywhere, unless you've got some specific reason to do otherwise.)

btw, those are all the same IP. Well, two IPs. 69.171.224.0/19 and 66.220.144.0/20

:: off to pursue line of thought ::

Nope, nobody's been snuffling around any /images/ directory lately. I tend to auto-ignore 403s, which is what they'd get, so I had to go back and check semi-manually.

Moderator This Forum from US

joined:Sept 26, 2001
posts:7029
votes: 179

How many of these hits are simply trying to access all of your entire /images/ folder - no content specified?

In the 2 years I've been using FB as a traffic generator, I have never seen an authentic FB UA attempt access to an image directory without the specific image file used on the page... and I keep a very tight lookout on my daily logs, especially from major traffic sources.

I'm guessing this is one of the APs added by FB users (pinterest, simcity, etc) which would all get a FB IP and UA (facebookexternalhit/) since FB controls all activity from within its UI.

However, this may be something new I haven't seen yet. If it happened at my site, I'd complain to FB.

Junior Member

joined:July 13, 2010
posts:170
votes: 0

This topic is fairly old, but by accident I discovered the cause of my errors:

I started using Facebook's OpenGraph (to display a chosen picture, rather than have them scan the site for a pic and let the poster choose a thumbnail) - on pages I dynamically set, I forgot to add an:

if (isset($_GET['whatever']))

on pages I didn't have a chosen thumb specified, so it was grabbing /images (which obviously, triggered errors, because I had http://www.example/com/'.$variable.' set)